The Internet of Things – A Major Cybersecurity Risk

The Internet of Things – A Major Cybersecurity Risk

July 12, 2018 The Beacon Blog, Uncategorized 0 Comments

In a recent post John Baker (http://www.silvervinesoftware.com/blog/are-home-based-iot-cyber-exposures-part-of-your-insurance-strategy?utm_source=LinkedIn%20Groups&utm_) describes how in 2016 three Internet gamers inadvertently created a botnet named Mirai which took over about 600,000 devices worldwide, including the entire internet of Liberia. How did this happen? The gamers never changed their default security settings.

When a consumer purchases one of the many devices which make up the “Internet of Things”, manufacturers instruct them to customize the default username and password (typically “admin” and “password” respectively). It only takes a few minutes, and your device is more secure. Yet not only individuals but major companies (Equifax, for example) fail to take this elementary security measure. These failures lead to billions of dollars of damages.

The risks of IoT devices go beyond hacked default passwords. Vulnerabilities have been found in implantable cardiac devices (hackers could literally kill someone). Security cameras with faulty software will let hackers see, and sometimes hear, what is going on. Other vulnerable devices include parental control systems, smart locks and mobile voice assistants.

There is probably no absolute security against these risks. Strong passwords and blocking links between IoT devices and business computer systems will help. Questions of liability between the user and manufacturer remain to be decided. Insurance policies may or may not provide coverage. The best strategy is to be aware of the risks and do what you can to mitigate them.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.